CN102356418A - Data processing device and data processing method - Google Patents

Data processing device and data processing method Download PDF

Info

Publication number
CN102356418A
CN102356418A CN2009801581536A CN200980158153A CN102356418A CN 102356418 A CN102356418 A CN 102356418A CN 2009801581536 A CN2009801581536 A CN 2009801581536A CN 200980158153 A CN200980158153 A CN 200980158153A CN 102356418 A CN102356418 A CN 102356418A
Authority
CN
China
Prior art keywords
data
scramble
conversion
xor
scrambling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2009801581536A
Other languages
Chinese (zh)
Other versions
CN102356418B (en
Inventor
古川和快
下山武司
武仲正彦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujitsu Ltd
Original Assignee
Fujitsu Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujitsu Ltd filed Critical Fujitsu Ltd
Publication of CN102356418A publication Critical patent/CN102356418A/en
Application granted granted Critical
Publication of CN102356418B publication Critical patent/CN102356418B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Abstract

A data processing device includes an address bus, a scramble unit, and a data bus. The address bus outputs address data to be supplied to a memory device. The scramble unit scrambles write-in data for a storage position of a memory device specified by the address data so as to obtain hidden data. The data bus outputs the hidden data. The scramble unit has a first scramble unit, a first conversion unit, and a second scramble unit. The first scramble unit obtains an exclusive OR between the first mask data and the write-in data corresponding to the address data for each bit so as to obtain first scramble data. The first conversion unit performs one-to-one character-changing conversion on the first scramble data. The second scramble unit acquires an exclusive OR between the second mask data corresponding to the address data and the first scramble data which has been converted by the first conversion unit for each bit and outputs the obtained second scramble data as hidden data.

Description

Data processing equipment and data processing method
Technical field
The present invention relates to technology that the data of preserving in the memory storage are protected.
Background technology
The embedding equipment of mobile phone etc. is owing to possess valuable assets such as pay content, so become the object of attack of illegal these assets of acquisition.One of attack as this, data snooping (data probing) is arranged.Data snooping is the attack from the data bus wiring sense data of exposing between MPU (Micro Processor Unit) chip and the external RAM (Random Access Memory).
As the method for the leakage of information that prevents to cause, data scramble (data scramble) is arranged because of this data snooping.The data scramble is through outwards send data from the MPU chip before, data-switching being become scramble data, coming the assailant is encrypted the technology of this data content.
Here describe to Fig. 1.Illustrate an example of existing data scramble among Fig. 1.
In Fig. 1, have the address bus 11 and data bus 12 that bit wide all is w-bit as the MPU chip 1 of data processing equipment, be connected respectively with external RAM 2 as memory storage.And MPU chip 1 has processor 100 and scramble portion 200 in inside.
Address bus 11 output by processor 100 outputs, give address date to external RAM 2.
200 pairs of processors of scramble portion 100 output write data, promptly this corresponding with the memory location of the external RAM of being confirmed by the address date of address bus 11 outputs 2 writes data and carries out scramble, obtains enciphered data.
The enciphered data that data bus 12 output scramble portions 200 obtain.
Formation to scramble portion 200 shown in Figure 1 further illustrates.
Scramble portion 200 constitutes to be possessed: key register 201, XOR circuit (below be called " XOR circuit ") 202, alternative functions handling part 203 and XOR circuit 204.
Key register 201 is the registers that store w-bit scrambling key data K.
XOR circuit 202 obtain the address date identical with the address date of address bus 11 output, with key register 201 in each XOR of the scrambling key data that store.
Alternative functions handling part 203 makes from the input of the w-bit data of XOR circuit 202 output, and by the unique alternative conversion process of exporting accordingly of any one existing data of w-bit bit table.
When XOR circuit 204 is moved in scramble, obtain processor 100 output write data, with each XOR of the data of exporting from alternative functions handling part 203 corresponding (mask (mask) value) with address date.From the data of this XOR circuit 204 outputs are the enciphered datas that will write after the data scramble, and these data are exported to outside RAM2 from data bus 12.This enciphered data is stored memory location in the external RAM 2, that confirmed by the address date of address bus 11 output.
Read from external RAM 2 under the situation of this enciphered data at MPU chip 1, scramble portion 200 goes scramble (descramble) action.
MPU chip 1 is identical by the address date of the address bus 11 outputs address date when writing this enciphered data when external RAM 2 is read enciphered data.Therefore; If the two identical during with the scramble action of the alternative conversion F in the scrambling key data K of key register 201 and the alternative functions handling part 203, it is identical to write fashionable mask value from the mask value of alternative functions handling part 203 outputs and enciphered data when then enciphered data is read.
XOR circuit 204 the enciphered data of going the scramble action time to obtain to read from external RAM 2, with each XOR from the mask value of alternative functions handling part 203 outputs.Here and since enciphered data write fashionable when reading mask value identical, so the XOR of enciphered data and mask value becomes the original data that write.The enciphered data that is through with like this go scramble, the original data that write that obtain are processed device 100 and read in.
Like this, in formation shown in Figure 1, the scramble of the data that the inner scramble portion 200 of MPU chip 1 carries out writing to outside RAM2.That is, because the wiring of processor 100 and scramble portion 200 is not exposed to MPU chip 1 outside, so can't read by the data that write before the enforcement scramble through data snooping.
In addition, in this formation shown in Figure 1, the processor 100 that carries out data processing usually is utilized in to be prepared to write before the data, can prepare this characteristic of address date to address bus 11, carries out the calculating in advance of mask value.So, accomplish scramble in the time delay of having realized between processor 100 and external RAM 2, being allowed to and handle this high speed response property through reduce as far as possible to the processing that writes data.
General in the scramble of the data that write to memory storage, if, then can improve security,, also can guarantee security even processing mode has been disclosed through generation mask values such as public keys block encryptions.But, because the general dealing with complicated of public keys block encryption, so, then be difficult to satisfy data bus 12 desired conditions that transmission writes data, be high speed response property if use the public keys block encryption.
On the other hand, the scramble that adopts formation shown in Figure 1 is difficult to know the guarantee of the algorithm of generation mask value as security through scramble portion 200 is embedded in the MPU chip 1 with the assailant.Even because adopt the scramble of this formation to be disclosed with the algorithm of scramble but the situation of having introduced safe encryption to compare calculated amount few, can this characteristic of high speed processing so have.
In addition, data scramble portion in the formation shown in Figure 1 200 use from processor 100 outputs write data and this two sides information of address date, generate scramble data (enciphered data).Like this, also depend on the data scramble algorithm of address date through adopting, even writing under the identical situation of data, therefore the scramble data that is written to external RAM 2 also can resolve antagonism and improve because of the difference of address date is different.
In addition, as other background technology, known have a technology of also carrying out the scramble of data in memory cell side; With the double-encryption technology that data encrypted is further encrypted.
Patent documentation 1: TOHKEMY 2001-109667 communique
Patent documentation 2: TOHKEMY 2002-328844 communique
Patent documentation 3: TOHKEMY 2004-110408 communique
As stated, through in MPU chip 1, possessing scramble portion 200, can make data become enciphered data to data snooping.But, still exist the assailant that the scramble algorithm is resolved this danger.In order to ensure the security of scramble, need estimate the security of scramble algorithm.
To such as in the scramble portion 200 of Fig. 1 the employing, use that the scrambling key data are carried out the algorithm of data scramble, one of the project promptly estimated with the security of the scramble algorithm of key, be the antagonism that the key exhaustive search of attacking based on known plaintext text is attacked.
In this key exhaustive search is attacked, the scrambling key data, write data, scramble data and address date, with the group of the hardware that the scramble algorithm has been installed in, the data except the scrambling key data are endowed to the assailant.The assailant at random sets the scrambling key data and carries out scramble in this case.Then, carry out this execution repeatedly, till determining the scrambling key data of using in the group that is being endowed.
The key length of scrambling key data is long more, and the antagonism of attacking to this key exhaustive search is high more.In addition, can be employed in imponderable value in the real time, guarantee security through making this key exhaustive search attack needed calculated amount.
The scramble algorithm of the band key that adopts in the scramble portion 200 of Fig. 1 can't make the key length (position is long) of scrambling key data grow to more than the word length of processor 100.
For example, present majority is below the 32bit towards the word length of the processor of the equipment of embedding.Here, consider under the situation that word length is made as 32bit, the key exhaustive search of the scramble portion 200 of Fig. 1 is attacked.If suppose to carry out scramble each second 1000 times, then just can explore the scrambling key data through 50 days.
In addition, as the attack method of scramble algorithm to the band key, known have a kind of method of selecting text expressly to attack.In this is attacked, can't know the scrambling key data though be thought of as the assailant, can free setting data and address date obtain the situation of scramble data.That is, this attack is supposition assailant's the high attack of ability force rate key exhaustive search attack.
In the scramble portion 200 of Fig. 1, the assailant at first to whole address date generate write data and scramble data to youngster.Then, if calculate scramble data and the XOR that writes data, then just can know mask value to whole scramble datas.So the assailant can be under the state of not knowing the scrambling key data, the mask value that use obtains goes scramble to become data the scramble data of arbitrary address.
Summary of the invention
The present invention proposes in view of the above problems, and its problem of wanting to solve is to provide a kind of and have antagonistic data scramble mode to selecting the plaintext text to attack.
Disclosed data processing equipment has in this instructions: address bus, scramble portion and data bus.Wherein, address bus is used to export the address date that memory storage is given.Scramble portion is used for obtaining enciphered data to carrying out scramble with the corresponding data that write in memory location of the memory storage of being confirmed by the address date of address bus output.Data bus is used to export the enciphered data that scramble portion obtains.
Wherein, scramble portion has the 1st scramble unit, the 1st converting unit and the 2nd scramble unit.Wherein, the 1st scramble unit through obtain with each XOR of corresponding the 1st mask data of address date, thereby carry out scramble and obtain the 1st scramble data writing data.The 1st converting unit is used for the 1st scramble data is substituted conversion one to one.The 2nd scramble unit through obtain with each XOR of corresponding the 2nd mask data of address date, obtain the 2nd scramble data thereby come that the data after being implemented to change to the 1st mask data by the 1st converting unit are carried out scramble.Wherein, scramble portion with the 2nd scramble data as enciphered data.
In this device, the data that write after the 1st converting unit is to the 1st scramble unit scramble have been carried out on the basis of alternative conversion, and the 2nd scramble unit further carries out scramble.Can prevent to be directed against the processing that writes data, become simple XOR with mask value by the 1st converting unit.That is, according to the formation of this device, the relation that writes data and enciphered data in the input and output of scramble portion also depends on to write data except depending on address date.Therefore, the text attack has antagonism to the data scramble of being undertaken by this device to selecting expressly.
In addition, in this device, obtain unit, have these 2 scramble unit of the 1st scramble unit and the 2nd scramble unit to the mask value that writes data as being used to.Here,, obtain the 2nd mask data, can make the key length of scrambling key whole data longer than existing key length according to address date and the 2nd scrambling key data through obtaining the 1st mask data according to address date and the 1st scrambling key data.Thus, the antagonism that the key exhaustive search is attacked is compared with aforesaid situation in the past and is improved.
In addition, in the 1st scramble unit and the 2nd scramble unit of this device, can carry out in advance in order to obtain the calculating of mask value according to address date.Therefore, if converting unit is made as at a high speed, then this device can make the scramble action realize high speed response property.
In addition, in this manual, also disclose through this data processing equipment the enciphered data of storing in the memory storage has been gone scramble, obtained the original scrambling apparatus that goes that writes data.This goes scrambling apparatus to have address bus, the 1st to go to scramble unit, inverse conversion unit and the 2nd to go to the scramble unit.
Wherein, address bus is used to export the address date that memory storage is given.The 1st goes to the scramble unit through obtaining each the XOR with aforesaid the 2nd mask data, thereby comes to go scramble to remove scramble data in the middle of obtaining to the enciphered data of reading from the memory location of the memory storage confirmed by address date.The inverse conversion unit removes scramble data to this centre, carries out the inverse conversion by the alternative conversion of aforesaid the 1st converting unit enforcement.The 2nd goes to the scramble unit through obtaining each the XOR with the 1st mask data, thereby comes going scramble to obtain the original data that write by the inverse conversion unit to middle data of going scramble data to implement after the inverse conversion.
Remove scrambling apparatus according to this, aforesaid data processing equipment is read the enciphered data of storing in the memory storage and it is gone scramble, can obtain the original data that write.In addition, can constitute aforesaid data processing equipment certainly and have the inscape that this removes scrambling apparatus, obtain the original data that write according to enciphered data by data processing equipment self.
And, also disclose data processing method that above-mentioned data processing equipment carries out and above-mentioned in this instructions and removed the scramble method that goes that scrambling apparatus carries out.
According to disclosed device and method in this instructions, playing to provide a kind of to selecting the attack of plaintext text to have antagonistic this effect of data scramble mode.
Description of drawings
Fig. 1 is the figure of an example of the existing data scramble of graphic representation.
Fig. 2 is the whole pie graph of data processing equipment.
Fig. 3 be graphic representation scramble portion shown in Figure 2 formation the 1st the example figure.
Fig. 4 be graphic representation scramble portion shown in Figure 2 formation the 2nd the example figure.
Fig. 5 is the pie graph of scramble portion.
Fig. 6 A be alternative functions with and contrafunctional the 1st example.
Fig. 6 B be alternative functions with and contrafunctional the 2nd example.
Fig. 7 be graphic representation scramble portion shown in Figure 2 formation the 3rd the example figure.
Fig. 8 be graphic representation scramble portion shown in Figure 2 formation the 4th the example figure.
Fig. 9 be graphic representation scramble portion shown in Figure 2 formation the 5th the example figure.
Description of reference numerals: 1-MPU chip; The 2-external RAM; The 11-address bus; The 12-data bus; The 100-processor; 200-scramble portion; 201,211,221-1,221-2,221-n-key register; 202,204,212,214,221-1,221-2,224-1,224-2,222-n, 224-n-XOR circuit; 203,213,220,223-1,223-2,230-1,230-2,320,223-n, 230-n-alternative functions handling part; 205,215-register; The basic portion of 206-; 206-1-the 1st basic portion; 206-2-the 2nd basic portion; The 216-extension; 216-1-the 1st extension; 216-2-the 2nd extension; 300-goes to scramble portion.
Embodiment
Below, based on accompanying drawing embodiment of the present invention is described.
Among Fig. 2 graphic representation constitute as the integral body of the MPU chip 1 of data processing equipment.
In Fig. 2, MPU chip 1 has the address bus 11 and data bus 12 that bit wide all is w-bit, is connected respectively with external RAM 2 as memory storage.And MPU chip 1 has processor 100 and scramble portion 200 in inside.
Address bus 11 output by processor 100 outputs, give address date to external RAM 2.
200 pairs of processors of scramble portion 100 output write data, promptly this corresponding with the memory location of the external RAM of being confirmed by the address date of address bus 11 outputs 2 writes data and carries out scramble, obtains enciphered data.
The enciphered data that data bus 12 output scramble portions 200 obtain.
Formation to scramble portion 200 shown in Figure 2 further illustrates.Among Fig. 3 graphic representation the 1st example of formation of this scramble portion 200.
In Fig. 3, scramble portion 200 constitutes to be possessed: key register 201 and 211, XOR circuit 202,204,212 and 214 and alternative functions handling part 203 and 213.
Key register 201 is to preserve the register of w-bit scrambling key data K0.The scrambling key data K0 (in following explanation, also this key data K0 being called " the 1st scrambling key data " sometimes) that preserves in advance in this key register 201 can change.
XOR circuit 202 obtain the address date identical with the address date of address bus 11 output, with key register 201 in each XOR of the 1st scrambling key data of preserving.
Alternative functions handling part 203 makes from the input of the w-bit data of XOR circuit 202 output, and by the unique alternative conversion process of output accordingly of any one existing data of w-bit bit table.The alternative conversion F0 that in this alternative functions handling part 203, carries out generally is made as the relation of input and output non-linear.Wherein, alternative functions handling part 203 is through constituting basic logic element (logical multiply circuit, logic and circuit, NOT-circuit etc.) combination.But, if processing speed is not limited, then for example also can substitute conversion with reference to table storage in advance in the memory storage, that the corresponding relation of input and output has been carried out definition in advance.Wherein, in following explanation, will be from the data of this alternative functions handling part 203 outputs, this data corresponding with address date are called " the 1st mask data ".
XOR circuit 204 through obtain processor 100 output write data, with each XOR from the 1st mask data of alternative functions handling part 203 outputs, carry out the scramble that this writes data.
In following explanation, will by key register 201, XOR circuit 202 and 204 and alternative functions handling part 203 scramble of carrying out be called " the 1st scramble ".In addition, will be called " the 1st scramble data " through the data that the 1st scramble obtains.
Key register 211 is to preserve the register of w-bit scrambling key data K1.The scrambling key data K1 (in following explanation, also this key data K1 being called " the 2nd scrambling key data " sometimes) that preserves in advance in this key register 211 also can change.
XOR circuit 212 obtain the address date identical with the address date of address bus 11 output, with key register 211 in each XOR of the 2nd scrambling key data of preserving.
Alternative functions handling part 213 makes from the input of the w-bit data of XOR circuit 212 output, and by the unique alternative conversion process of output accordingly of any one existing data of w-bit bit table.The alternative conversion F1 that in this alternative functions handling part 213, carries out is also same with alternative conversion F0, and generally the relation with input and output is made as non-linear.This alternative functions handling part 213 also through the basic logic element combination is constituted, if processing speed is not limited, then for example also can have carried out predefined table with reference to the corresponding relation to input and output of memory device stores and substitute conversion.Wherein, in following explanation, will be from the data of this alternative functions handling part 213 outputs, this data corresponding with address date are called " the 2nd mask data ".
XOR circuit 214 through obtain the 1st scramble data that obtains based on the 1st scramble, with each XOR from the 2nd mask data of alternative functions handling part 213 outputs, carry out the scramble of the 1st scramble data.
In following explanation, will by key register 211, XOR circuit 212 and 214 and alternative functions handling part 213 scramble of carrying out be called " the 2nd scramble ".In addition, will be called " the 2nd scramble data " through the data that the 2nd scramble obtains.
In the formation of Fig. 3, the 2nd scramble data that obtains through the 2nd scramble is the enciphered data after data are carried out scramble that writes to processor 100 outputs, and these data are exported to outside RAM2 from data bus 12.This enciphered data is stored memory location in the external RAM 2, that confirmed by the address date of address bus 11 output.
The formation of scramble portion 200 like this, shown in Figure 3 is formations that 2 grades of connections of existing formation file shown in Figure 1 are formed.Therefore, thus for the enciphered data that obtains through this formation being gone scramble obtain the original data that write, as long as carry out the scramble of going in the existing formation shown in Figure 1 with the order opposite with Fig. 3.
In the formation of Fig. 3, using key length all is the 1st scrambling key data and the 2nd scrambling key data of w-bit, writes the scramble of data.Therefore; As scramble portion 200 integral body; The key length that writes the employed scrambling key data of scramble of data becomes 2 times (2w-bit) on apparent, but because the formation of Fig. 3 can be to the formation conversion of Fig. 1 equivalent with it, so to compare security constant with Fig. 1.
Then, Fig. 4 is described.The 2nd example of the formation of Fig. 4 is graphic representation scramble portion 200 shown in Figure 2.
In Fig. 4, given identical Reference numeral to the inscape identical with key element shown in Figure 3.Part to these inscapes is omitted explanation.
The difference of the 1st example of formation that this is shown in Figure 4 and formation shown in Figure 3 is: appended the alternative functions handling part 220 that the 1st scramble data that obtains through the 1st scramble is substituted one to one conversion.And, in the 2nd scramble of this formation shown in Figure 4, come the data after 220 pairs the 1st scramble datas conversions of alternative functions handling part are carried out scramble through each the XOR of obtaining by XOR circuit 214 with the 2nd mask data, thereby obtain the 2nd scramble data.And the 2nd scramble data becomes the enciphered data after data are carried out scramble that writes to processor 100 outputs.
Alternative functions handling part 220 makes the input of w-bit the 1st scramble data, with the alternative conversion process of being exported by any one existing data of w-bit bit table one to one correspondingly.The alternative conversion G that is undertaken by this alternative functions handling part 220 also with substitute conversion F0, F1 is same, generally the relation with input and output is made as non-linear.This alternative functions handling part 220, then for example also can carry out predefined table with reference to the corresponding relation to input and output that memory storage is preserved in advance and substitute conversion if processing speed is not limited through the basic logic element combination is constituted.But, because the alternative conversion of the data that this alternative functions handling part 220 carries out writing to outside RAM2, so preferred conversion process be a high speed.
In this formation shown in Figure 4, to have carried out the data (i.e. the 1st scramble data) that write after the scramble 220 pairs of alternative functions handling parts through the 1st scramble and implemented on the basis of alternative conversion, the 2nd scramble is further carried out scramble.Thus, can prevent to the simple XOR with mask value that is treated as that writes data.That is, according to this formation shown in Figure 4, the relation that writes data and enciphered data in the input and output of scramble portion 200 also depends on to write data except depending on address date.Therefore, have data scramble that the scramble portion 200 of formation shown in Figure 4 carried out and have antagonism selecting expressly text to attack.In addition, since the input and output of alternative functions handling part 220 not from scramble portion to exposing outside, so can prevent attack to alternative functions handling part 220.That is, under the situation on the right side that alternative functions handling part 220 is set to 204 left side or 214, become to the fragile formation of the simple differential attack of alternative functions handling part 220.Therefore, in formation shown in Figure 4, alternative functions handling part 220 need be arranged between 204 and 214.
And in this formation shown in Figure 4, as scramble portion 200 integral body, the key length that writes the employed scrambling key data of scramble of data becomes 2 times (2w-bit).Therefore, the antagonism that the key exhaustive search is attacked is compared with the existing formation of Fig. 1 and is improved.
Next, the scramble of going that the MPU chip 1 of scramble portion 200 with this formation shown in Figure 4 is stored in the enciphered data in the external RAM 2 describes.Fig. 5 is the pie graph that goes to scramble portion that this enciphered data is gone scramble.
In the formation of Fig. 5, possesses scramble portion 300 in inside as the MPU chip 1 of Fig. 2 of data processing equipment.Can certainly replace such formation, independently go to possess scramble portion 300 in the scrambling apparatus and constitute with MPU chip 1.
In Fig. 5, given identical Reference numeral to the inscape identical with key element shown in Figure 4.Omitted the explanation of the part of these inscapes.
Shown in Figure 5 go to scramble portion 300 to constitute to possess: key register 201 and 211, XOR circuit 202,204,212 and 214 and alternative functions handling part 203,213 and 320.Wherein, address bus 11 is with shown in Figure 4 same, output by processor 100 outputs, give address date to external RAM 2.
XOR circuit 214 comes the enciphered data (being aforesaid the 2nd scramble data) of reading from the memory location of the external RAM 2 confirmed by address date is gone scramble through obtaining each XOR with aforementioned the 2nd mask data.So, obtain aforesaidly having carried out the 1st scramble data after the conversion by alternative functions handling part 220.Here this is gone scramble to be called " the 1st goes scramble ", will be called " scramble data is removed in the centre " through the 1st data of going scramble to obtain.
Scramble data is removed in the centre that 320 pairs of XOR circuit 214 of alternative functions handling part obtain, and carries out the inverse conversion G by the alternative conversion G of alternative functions handling part 220 enforcements -1So, obtain aforesaid the 1st scramble data.
Here, Fig. 6 A is described.Fig. 6 A be alternative functions G with and inverse function G -1The 1st example.Wherein, the example of the alternative functions G of this Fig. 6 A is that the word length of input and output is the example of 4-bit (these 16 values of " 0 " (under 2 systems " 0000 ")~" f " (under 2 systems " 1111 ")).
The situation of output " 0 " when having showed alternative functions G among Fig. 6 A and for example being transfused to " 8 ".And, if " 0 " that has showed as the output of this alternative functions G is transfused to inverse function G -1, then export situation to " 8 " of alternative functions G input.In Fig. 6 A, this alternative functions G and its inverse function G -1The relation of input and output obviously under all values of " 0 "~" f ", all set up.In addition, the input/output relation of this alternative functions G is also obviously corresponding one to one.
Wherein, alternative functions handling part 320 is also same with alternative functions handling part 220, through the basic logic element combination is constituted.Here, if processing speed is not limited, then for example also can have carried out predefined table and substitute conversion with reference to the corresponding relation of storing in the memory storage to input and output.But, because the alternative conversion of the data that this alternative functions handling part 320 carries out reading from external RAM 2, so preferred conversion process be a high speed, this is also same with alternative functions handling part 220.
Turn back to the explanation of Fig. 5.
XOR circuit 204 is through obtaining each the XOR with aforesaid the 1st mask data, and the scramble of making a return journey is gone the data after the scramble data inverse conversion by 320 pairs of centres of alternative functions handling part.So, obtain carrying out the original data that write of scramble when action processor 100 outputs in scramble portion 200.Here this is gone scramble to be called " the 2nd goes scramble ".
Represented among Fig. 5 that the scramble action of going of going to scramble portion 300 to be implemented that constitutes carries out as above.
Here, the formation of the scramble portion 200 of Fig. 4 and the formation of going to scramble portion 300 of Fig. 5 are compared.So XOR circuit 204 is all obtained the XOR of the data that are transfused to (in scramble portion 200 for writing data, in going to scramble portion 300, being the data after the middle inverse conversion of removing scramble data) and aforesaid the 1st mask data no matter in which constitutes.Therefore, the 1st scramble of scramble portion 200 with go to the 2nd of scramble portion 300 to go can share XOR circuit 204 in the scramble.In addition, XOR circuit 214 is all obtained the XOR of the data (being the 1st scramble data, is the enciphered data of reading from external RAM 2) that are transfused to and aforesaid the 2nd mask data no matter in which constitutes in going to scramble portion 300 in scramble portion 200.Therefore, the 2nd scramble of scramble portion 200 with go to the 1st of scramble portion 300 to go scramble can share XOR circuit 204.Like this, the scramble action through carrying out in scramble portion 200 is shared XOR circuit 204 and 214 with going of going that scramble portion 300 carries out in the scramble action, can cut down the circuit scale of MPU chip 1.
And, be used to obtain constituting of the 1st mask data by what key register 201, XOR circuit 202 and alternative functions handling part 203 constituted, scramble portion 200 with go to scramble portion 300 in identical.And, be used to obtain constituting of the 2nd mask data by what key register 211, XOR circuit 212 and alternative functions handling part 213 constituted, scramble portion 200 with go to scramble portion 300 in also identical.Therefore, make scramble portion 200 and going to scramble portion 300 under the situation of single MPU chip 1 inner coexistence, can share key register 201 and 211, XOR circuit 202 and 212 and alternative functions handling part 203 and 213.Through these inscapes are shared in the scramble action action of scramble that scramble portion 200 carries out and going of going that scramble portion 300 carries out, also can cut down the circuit scale of MPU chip 1.
In addition; Also can be in alternative functions handling part 220 and alternative functions handling part 320, share and just change the alternative functions handling part (being called " homomorphism substitutes and changes " here) that is changed to homomorphism with its reverse what the data that are transfused to substituted conversion one to one and should substitute conversion.
Here, Fig. 6 B is described.Fig. 6 B be alternative functions G with and inverse function G -1The 2nd example.Wherein, the example of the alternative functions G of this Fig. 6 B is also same with the example of the 1st shown in Fig. 6 A, and the word length that is input and output is the example of 4-bit (these 16 values of " 0 " (2 systems are " 0000 ")~" f " (2 systems are " 1111 ")).
The situation of output " 3 " when having showed alternative functions G among Fig. 6 B and for example being transfused to " 0 ".And, showed and will input to inverse function G as " 3 " of the output of this alternative functions G -1The time, output is to the situation of " 0 " of alternative functions G input.In Fig. 6 B, this alternative functions G and its inverse function G -1The relation of input and output obviously under all values of " 0 "~" f ", all set up.And the input/output relation of this alternative functions G is also obviously corresponding one to one.
And, in the example of Fig. 6 B, the input among the alternative functions G and the corresponding relation of output and its inverse function G -1In corresponding relation also obviously identical.Therefore, the alternative functions of this Fig. 6 B is just being changed G and its inverse conversion G -1Homomorphism.
Carry out the function handling part that such homomorphism substitutes conversion if constitute, then can in alternative functions handling part 220 and alternative functions handling part 320, share it.That is,, can cut down the circuit scale of MPU chip 1 through carrying out the alternative functions handling part 220 of function handling part in scramble portion 200 that homomorphism substitutes conversion and going to share in the alternative functions handling part 320 in the scramble portion 300.
Next, the security of the scramble implemented by scramble portion shown in Figure 4 200 is studied.
For example, consider the word length (being address date and the bit wide that writes data) of processor is made as the situation of 32-bit.At this moment, the 1st scrambling key data and the 2nd scrambling key data all can be made as 32-bit.At this moment, the key length of scrambling key whole data is 64-bit.Under this situation, if suppose can carry out for 1 second 1000 scramble actions, the key exhaustive search attack that then is directed against the scramble algorithm of aforesaid band key needs 584,942,417 years.In addition, even can carry out 1,000,000,000 scramble action 1 second, also need 584 years.Therefore, want in the time of reality, to find very difficulty of scrambling key data.
Wherein, as far as processor 100, preferably the visit to outside RAM2 is a processor at a high speed.Therefore, the scramble action of preferably being undertaken by scramble portion 200 and by go that scramble portion 300 carries out to go scramble to move the needed time few.Here, for example constitute as following if will substitute the alternative functions handling part 203,213,220 and 320 of conversion or its inverse conversion, then can shorten should the time.
That is, word length is being made as under the situation of 32-bit, is replacing alternative functions handling part 203,213,220 and 320 alternative functions that merely constitute 32-bit, and for example replace by the permutation function of 32-bit and the combination of 8 4-bit alternative functions.Generally speaking, the alternative functions word length is long more, and the complexity of formation is with exponential increase, and it is also long more to change the needed time.Therefore, so through will as substituting of the long alternative functions of word, shortening the needed time of conversion that substitutes owing to only carrying out the permutation function that arranging again of position constitutes extremely easily and switching time is short, the alternative functions combination short with word length.In addition, instead the alternative functions of using is not limited to the function of 4-bit word length, for example also can use 2 6-bit alternative functions and 4 5-bit alternative functions, perhaps can use 4 8-bit permutation function.
In addition, alternative functions handling part 203 and 213 need not carry out homomorphism and substitute conversion, can carry out the alternative conversion of non-homomorphism.Carry out non-homomorphism alternative conversion circuit sometimes with homomorphism compare the processing speed height.
Then, Fig. 7 is described.Among Fig. 7 graphic representation the 3rd example of formation of scramble portion 200 shown in Figure 2.
In Fig. 7, given identical Reference numeral to the inscape identical with key element shown in Figure 4.Omit the explanation of the part of these inscapes.
The formation of scramble portion 200 shown in Figure 7 is suitable for making the situation of scramble portion 200 synchronization actions, is with the 1st routine difference of formation shown in Figure 3: appended register 205 and 215.
Storage maintains from the 1st mask data of alternative functions handling part 203 outputs in the register 205.And storage maintains from the 2nd mask data of alternative functions handling part 213 outputs in register 215.
In formation shown in Figure 7, the processor 100 that carries out data processing had utilized before preparing to write data, can prepare this general characteristic of address date to address bus 11.
That is, at first carry out passing through alternative functions handling part 203 and the 213 alternative conversions that realize by XOR and this operation result of XOR circuit 202 and 204 address dates of realizing and the 1st scrambling key data and the 2nd scrambling key data.Then, the 1st mask data and the 2nd mask data that obtains is saved in respectively in register 205 and 215.Then, when processor 100 output writes data, the alternative conversion that the XOR, its operation result of carrying out XOR circuit 204 implemented through alternative functions handling part 220 and based on the XOR of XOR circuit 214.Then, as its execution result, the enciphered data that obtains is exported to RAM2.
Wherein, the enciphered data that the scramble of the scramble portion 200 through formation shown in Figure 7 obtains go scramble, that for example can use formation shown in Figure 5 goes to scramble portion 300 to carry out.
Then, Fig. 8 is described.Among Fig. 8 graphic representation the 4th example of formation of scramble portion 200 shown in Figure 2.
In Fig. 8, given identical Reference numeral to the inscape identical with key element shown in Figure 4.Omitted the explanation of the part of these inscapes.Wherein, here with the formation of scramble portion 200 shown in Figure 4, promptly by key register 201 and 211, XOR circuit 202,204,212 and 214 and alternative functions handling part 203,213, and 220 structures that constitute be called basic portion.That is, in the formation of scramble portion 200 shown in Figure 8, will by key register 201, XOR circuit 202 and 204 and the structure that constitutes of alternative functions handling part 203 be called the 1st basic 206-1 of portion.In addition, in Fig. 8, will by key register 211, XOR circuit 212 and 214 and the structure that constitutes of alternative functions handling part 213 and 220 be called the 2nd basic 206-2 of portion.
On the other hand, in Fig. 8, will be called the 1st extension 216-1 by the structure that key register 221-1, XOR circuit 222-1 and 224-1 and alternative functions handling part 223-1 and 230-1 constitute.And, in Fig. 8, will constitute by key register 221-2, XOR circuit 222-2 and 224-2 and alternative functions handling part 223-2 and 230-2 with the identical structure of the 1st extension 216-1, be called the 2nd extension 216-2.
That is, scramble portion 200 shown in Figure 8 constitutes and possesses: the 1st basic 206-1 of portion and the 2nd basic 206-2 of portion and all the object data scramble is exported the 1st extension 216-1 and the 2nd extension 216-2 of scramble data.
Here, the 2nd basic 206-2 of portion is transfused to the data (i.e. the 1st scramble data) that obtain through aforesaid the 1st scramble of being undertaken by the 1st basic 206-1 of portion, as object data.And the 2nd basic 206-2 of portion carries out aforesaid the 2nd scramble, exports aforesaid the 2nd scramble data.
The 1st extension 216-1 is transfused to the scramble data (the 2nd scramble data) of the 2nd basic 206-2 of portion output as object data.In the 1st extension 216-1, alternative functions handling part 230-1 substitutes conversion one to one with this object data, and key register 221-1, XOR circuit 222-1 and alternative functions handling part 223-1 generate the mask data corresponding with address date.Then, XOR circuit 224-1 obtain data after the alternative conversion of being undertaken by alternative functions handling part 230-1, with each XOR of this mask data.The 1st extension 216-1 so carries out the further scramble of the scramble data of the 2nd basic 206-2 of portion output.
The 2nd extension 216-2 is transfused to the scramble data of the 1st extension 216-1 output, as object data.In the 2nd extension 216-2, alternative functions handling part 230-2 substitutes conversion one to one with this object data, and key register 221-2, XOR circuit 222-2 and alternative functions handling part 223-2 generate the mask data corresponding with address date.Then, XOR circuit 224-2 obtain data after the alternative conversion of being undertaken by alternative functions handling part 230-2, with each XOR of this mask data.The 2nd extension 216-2 so carries out the further scramble of the scramble data of the 1st extension 216-1 output.
Scramble portion 200 shown in Figure 8 as enciphered data, exports from data bus 12 scramble data of the 2nd extension 216-2 output to outside RAM2.
Like this, the formation of scramble portion 200 shown in Figure 8 is in the shown in Figure 4 the 2nd constitutes, the formation that 2 grades of connections of extension file of basic portion are and then formed.Therefore,, obtain the original data that write,, carry out then getting final product for the scramble of going of basic portion as long as inverted order is carried out the scramble of going for the extension 2 times for the enciphered data that obtains through this formation is gone scramble.
Scramble portion 200 shown in Figure 8 utilize 4 key register 201 and 211 and 221-1 and 221-2 in 4 scrambling key data of preserving, write the scramble of data.Therefore, as scramble portion 200 integral body, the key length that writes the employed scrambling key data of scramble of data becomes 4 times (4w-bit).Thereby,, make antagonism that the key exhaustive search is attacked improve more than the formation of Fig. 4 through adopting the formation of Fig. 8.
Then, Fig. 9 is described.Fig. 9 graphic representation the 5th example of formation of scramble portion 200 shown in Figure 2.The 5th example is the example that the file linking number of the extension in the 4th example shown in Figure 8 is expanded to the n level.
In Fig. 9, scramble portion 200 has basic portion 206; With extension 216, it possesses object data is carried out scramble and the n (wherein, n is at least the integer 1 or more) that exports scramble data expands scramble portion.
Here, n expansion scramble portion constitutes and possesses: key register 221-n, XOR circuit 222-n and 224-n and alternative functions handling part 223-n and 230-n.Here, alternative functions handling part 230-n substitutes conversion one to one to the object data that becomes the scramble object in this n expansion scramble portion.On the other hand, key register 221-n, XOR circuit 222-n and alternative functions handling part 223-n obtain the corresponding mask data of exporting with processor 100 (appending mask data) of address date.Then, XOR circuit 224-n is through obtaining each the XOR that appends mask data with this, comes the data of object data being implemented to substitute after the conversion by alternative functions handling part 230-n are carried out scramble, output scramble data (appending scramble data).Wherein, Ci Shi object data be the output of (n-1) expansion scramble portion append scramble data (in addition, being the scramble data of basic portion 206 outputs when n=1).
The scramble portion 200 of Fig. 9 constitutes as above, appends scramble data as enciphered data with what n expansion scramble portion obtained, exports to outside RAM2 from data bus 12.
Like this, the formation of scramble portion 200 shown in Figure 9 is in the shown in Figure 4 the 2nd constitutes, and the extension file n level of basic portion is and then connected the formation that forms.Therefore, carry out the scramble of going to the extension in reverse order n time in order to go scramble to be made up of the enciphered data that obtains this, to obtain the original data that write, needing only, the scramble of going that is directed against basic portion then gets final product.
Scramble portion shown in Figure 9 200 use n+2 key register 201,211,, 221-1 ..., n+2 the scrambling key data of preserving among the 221-n, write the scramble of data.Therefore, as scramble portion 200 integral body, the key length that writes the employed scrambling key data of scramble of data becomes (n+2) doubly ((n+2) w-bit).Thereby,, the antagonism that the key exhaustive search is attacked is compared raising more with the formation of Fig. 4 through adopting the formation of Fig. 9.
In addition, in the formation of Fig. 9,, also can in the security scope that allows, alternative functions handling part 230-n be cut to less than n for high speed.
And the present invention is not limited to the embodiment of above explanation, the implementation phase can carry out various distortion in the scope that does not change its purport.

Claims (14)

1. a data processing equipment is characterized in that,
Have:
Address bus, the address date that its output is given memory storage;
Scramble portion, thus it carries out scramble acquisition enciphered data to writing data, and wherein, this writes the memory location of data corresponding to this definite memory storage of the address date of being exported by this address bus; With
Data bus, it exports the enciphered data that this scramble portion obtains,
This scramble portion has:
The 1st scramble unit, its through obtain with each XOR of corresponding the 1st mask data of this address date, carry out scramble and obtain the 1st scramble data thereby this is write data;
The 1st converting unit, it substitutes conversion one to one to the 1st scramble data; With
The 2nd scramble unit, its through obtain with each XOR of corresponding the 2nd mask data of this address date, obtain the 2nd scramble data thereby come that the data after being implemented to change to the 1st scramble data by the 1st converting unit are carried out scramble,
With the 2nd scramble data as this enciphered data.
2. data processing equipment according to claim 1 is characterized in that,
The 1st scramble unit substitutes conversion to each XOR of this address date and the 1st scrambling key data, obtains the 1st mask data,
The 2nd scramble unit substitutes conversion to each XOR of this address date and the 2nd scrambling key data, obtains the 2nd mask data.
3. data processing equipment according to claim 1 is characterized in that also having:
The 1st goes to the scramble unit, and it is through obtaining each the XOR with the 2nd mask data, thereby comes to go scramble to remove scramble data in the middle of obtaining to this enciphered data of reading from the memory location of this memory storage of being confirmed by this address date;
The inverse conversion unit, it goes scramble data to carry out the inverse conversion by the alternative conversion of the 1st converting unit enforcement to this centre; With
The 2nd goes to the scramble unit, and it is through obtaining each the XOR with the 1st mask data, thereby comes to write data to going data after the scramble data enforcement inverse conversion to go scramble to obtain this by this inverse conversion unit to this centre.
4. data processing equipment according to claim 3 is characterized in that,
Also have:
The 1st logical circuit, it obtains each XOR of the data that are transfused to and the 1st mask data; With
The 2nd logical circuit, it obtains each XOR of the data that are transfused to and the 2nd mask data,
The scramble of going that the scramble and the 2nd that the 1st scramble unit carries out goes to the scramble unit to carry out is shared the 1st logical circuit,
The scramble of going that the scramble and the 1st that the 2nd scramble unit carries out goes to the scramble unit to carry out is shared the 2nd logical circuit.
5. data processing equipment according to claim 3 is characterized in that,
The inverse conversion that the alternative conversion that the 1st converting unit is carried out and this inverse conversion unit carry out is shared homomorphism and is substituted conversion; Substitute in the conversion in this homomorphism; Data to being transfused to substitute conversion one to one, and just change and the inverse conversion of this alternative conversion are homomorphisms.
6. data processing equipment according to claim 1 is characterized in that,
This scramble portion also has at least one the expansion scramble portion that object data is carried out scramble,
This expansion scrambling part does not have:
Append converting unit, it substitutes conversion one to one to this object data; With
Append the scramble unit, it is through obtaining and each the XOR that append mask data corresponding with this address date, thereby comes to implement data after the conversion to this object data and carry out the scramble acquisition and append scramble data appended converting unit by this,
This expansion scramble portion is transfused to the 2nd scramble data as object data,
The scramble data that appends that this scramble portion will expand the acquisition of scramble portion replaces the 2nd scramble data as this enciphered data.
7. one kind is removed scrambling apparatus, is used for this enciphered data that is stored in this memory storage by the described data processing equipment of claim 1 is gone scramble, writes data thereby obtain this, and this goes scrambling apparatus to be characterised in that, has:
Address bus, the address date that its output is given memory storage;
The 1st goes to the scramble unit, and it is through obtaining each the XOR with the 2nd mask data, thereby comes to go scramble to remove scramble data in the middle of obtaining to this enciphered data of reading from the memory location of this memory storage of being confirmed by this address date;
The inverse conversion unit, it goes scramble data to carry out the inverse conversion by the alternative conversion of the 1st converting unit enforcement to this centre; With
The 2nd goes to the scramble unit, and it is through obtaining each the XOR with the 1st mask data, thereby comes to write data to going data after the scramble data enforcement inverse conversion to go scramble to obtain this by this inverse conversion unit to this centre.
8. data processing method is characterized in that having:
Address date output step is exported the address date that memory storage is given from address bus;
Scrambling step is carried out scramble and is obtained enciphered data writing data, and wherein, encrypt this memory location that writes this memory storage that data confirm corresponding to the address date of being exported by this address bus; With
Enciphered data output step, from the enciphered data of data bus output through this scrambling step acquisition,
This scrambling step has:
The 1st scrambling step, through obtain with each XOR of corresponding the 1st mask data of this address date, carry out scramble and obtain the 1st scramble data thereby this is write data;
The 1st switch process substitutes conversion one to one to the 1st scramble data; With
The 2nd scrambling step, through obtain with each XOR of corresponding the 2nd mask data of this address date, obtain the 2nd scramble data thereby come that the data after being implemented to change to the 1st scramble data by the 1st switch process are carried out scramble,
With the 2nd scramble data as this enciphered data.
9. data processing method according to claim 8 is characterized in that,
The 1st scrambling step substitutes conversion to each XOR of this address date and the 1st scrambling key data, obtains the 1st mask data,
The 2nd scrambling step substitutes conversion to each XOR of this address date and the 2nd scrambling key data, obtains the 2nd mask data.
10. data processing method according to claim 8 is characterized in that also having:
The 1st goes scrambling step, through obtaining each the XOR with the 2nd mask data, thereby comes to go scramble to remove scramble data in the middle of obtaining to this enciphered data of reading from the memory location of this memory storage of being confirmed by this address date;
The inverse conversion step goes scramble data to carry out the inverse conversion by the alternative conversion of the 1st switch process enforcement to this centre; With
The 2nd goes scrambling step, through obtaining each the XOR with the 1st mask data, thereby comes to write data to going data after the scramble data enforcement inverse conversion to go scramble to obtain this by this inverse conversion step to this centre.
11. data processing method according to claim 10 is characterized in that,
The scramble of carrying out in the 1st scrambling step and the 2nd goes to carry out in the scrambling step removes scramble to share to obtain each the 1st logical circuit of XOR of the data that are transfused to and the 1st mask data,
The scramble of carrying out in the 2nd scrambling step and the 1st goes to carry out in the scrambling step removes scramble to share to obtain each the 2nd logical circuit of XOR of the data that are transfused to and the 2nd mask data.
12. data processing method according to claim 10 is characterized in that,
This inverse conversion of carrying out in conversion and this inverse conversion step that should substitute of carrying out in the 1st switch process is shared alternative functions portion, and this alternative functions portion substitutes conversion one to one and should substitute the alternative functions portion that is changed to homomorphism with the reverse that should substitute conversion that changes the data that are transfused to.
13. data processing method according to claim 8 is characterized in that,
This scrambling step has at least one expansion scrambling step of object data being carried out scramble,
This expansion scrambling step has respectively:
Append switch process, this object data is substituted conversion one to one; With
Append scrambling step, through obtaining and each the XOR that append mask data corresponding, thereby come to implement data after the conversion to this object data and carry out the scramble acquisition and append scramble data append switch process by this with this address date,
This expansion scrambling step is carried out scramble with the 2nd scramble data as object data,
This scrambling step will be expanded the scramble data that appends that scrambling step obtains through this and replace the 2nd scramble data as this enciphered data.
14. one kind is removed scramble method, is used for this enciphered data that is stored in this memory storage through the described data processing method of claim 8 is gone scramble, obtains this and writes data, this goes scramble method to be characterised in that, has:
Address date output step is exported the address date that memory storage is given from address bus;
The 1st goes scrambling step, through obtaining each the XOR with the 2nd mask data, thereby comes to go scramble to remove scramble data in the middle of obtaining to this enciphered data of reading from the memory location of this memory storage of being confirmed by this address date;
The inverse conversion step goes scramble data to carry out the inverse conversion by the alternative conversion of the 1st switch process enforcement to this centre; With
The 2nd goes scrambling step, through obtaining each the XOR with the 1st mask data, thereby comes to write data to going data after the scramble data enforcement inverse conversion to go scramble to obtain this by this inverse conversion step to this centre.
CN200980158153.6A 2009-03-23 2009-03-23 Data processing device and data processing method Active CN102356418B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2009/001276 WO2010109516A1 (en) 2009-03-23 2009-03-23 Data processing device and data processing method

Publications (2)

Publication Number Publication Date
CN102356418A true CN102356418A (en) 2012-02-15
CN102356418B CN102356418B (en) 2014-12-03

Family

ID=42780231

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200980158153.6A Active CN102356418B (en) 2009-03-23 2009-03-23 Data processing device and data processing method

Country Status (5)

Country Link
US (1) US8707057B2 (en)
EP (1) EP2413305B1 (en)
JP (1) JP5541277B2 (en)
CN (1) CN102356418B (en)
WO (1) WO2010109516A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106170943A (en) * 2013-09-25 2016-11-30 汤姆逊许可公司 Use the secret protection ridge regression of part homomorphic cryptography and mask

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10592433B1 (en) * 2015-12-10 2020-03-17 Massachusetts Institute Of Technology Secure execution of encrypted software in an integrated circuit
FR3055734B1 (en) * 2016-09-05 2018-09-28 STMicroelectronics (Grand Ouest) SAS METHOD AND DEVICE FOR MITIGATING ELECTROMAGNETIC INTERFERENCE DURING TRANSFER OF DATA FROM OR TO A MEMORY.
US11275515B1 (en) * 2020-08-27 2022-03-15 Micron Technology, Inc. Descrambling of scrambled linear codewords using non-linear scramblers

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09258655A (en) * 1996-03-27 1997-10-03 Matsushita Electric Ind Co Ltd Data encryption device
CN1236132A (en) * 1997-10-10 1999-11-24 通用仪器公司 Secure processor with external memory using block chaining and block re-ordering
JP2003087240A (en) * 2001-09-11 2003-03-20 Matsushita Electric Ind Co Ltd Ciphering device, deciphering device, ciphering/ deciphering device, and program recording medium
CN101086769A (en) * 2006-06-07 2007-12-12 三星电子株式会社 Encrypting system for encrypting input data, error detection circuit and operation method
JP2008058829A (en) * 2006-09-01 2008-03-13 Sony Corp Encryption processor, encryption processing method, and computer program

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0744375A (en) * 1993-07-29 1995-02-14 Nec Corp Ciphered data processor
JP2000076144A (en) * 1998-09-02 2000-03-14 Nippon Telegr & Teleph Corp <Ntt> Logic circuit, microcomputer and communication method between logic circuit and storage device
JP2001109667A (en) 1999-10-13 2001-04-20 Nec Ic Microcomput Syst Ltd Method and device for processing data
JP2002091828A (en) * 2000-09-18 2002-03-29 Sharp Corp Data processor, storage device and data transfer system using the same
US6968467B2 (en) * 2000-10-26 2005-11-22 Matsushita Electric Industrial Co., Ltd. Decentralized power management system for integrated circuit using local power management units that generate control signals based on common data
US20020112193A1 (en) * 2001-02-09 2002-08-15 International Business Machines Corporation Power control of a processor using hardware structures controlled by a compiler with an accumulated instruction profile
DE10115118A1 (en) 2001-03-27 2002-10-10 Philips Corp Intellectual Pty Method for the transmission of data via a data bus
WO2003030441A2 (en) * 2001-10-03 2003-04-10 Koninklijke Philips Electronics N.V. Memory encryption system and method
JP2004110408A (en) 2002-09-18 2004-04-08 Hitachi Communication Technologies Ltd Electronic safe-deposit box system
JP2006527865A (en) * 2003-06-16 2006-12-07 エレクトロニクス アンド テレコミュニケーションズ リサーチ インスチチュート Line doll block encryption apparatus and encryption and decryption method thereof
JP4551802B2 (en) 2005-03-29 2010-09-29 株式会社東芝 Processor, memory, computer system, and data transfer method
DE102007026977B4 (en) * 2006-06-07 2012-03-08 Samsung Electronics Co., Ltd. Cryptographic system and associated operating method and computer program product

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09258655A (en) * 1996-03-27 1997-10-03 Matsushita Electric Ind Co Ltd Data encryption device
CN1236132A (en) * 1997-10-10 1999-11-24 通用仪器公司 Secure processor with external memory using block chaining and block re-ordering
JP2003087240A (en) * 2001-09-11 2003-03-20 Matsushita Electric Ind Co Ltd Ciphering device, deciphering device, ciphering/ deciphering device, and program recording medium
CN101086769A (en) * 2006-06-07 2007-12-12 三星电子株式会社 Encrypting system for encrypting input data, error detection circuit and operation method
JP2008058829A (en) * 2006-09-01 2008-03-13 Sony Corp Encryption processor, encryption processing method, and computer program

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106170943A (en) * 2013-09-25 2016-11-30 汤姆逊许可公司 Use the secret protection ridge regression of part homomorphic cryptography and mask

Also Published As

Publication number Publication date
US20120008782A1 (en) 2012-01-12
JP5541277B2 (en) 2014-07-09
CN102356418B (en) 2014-12-03
US8707057B2 (en) 2014-04-22
EP2413305B1 (en) 2019-06-26
WO2010109516A1 (en) 2010-09-30
EP2413305A4 (en) 2015-04-29
JPWO2010109516A1 (en) 2012-09-20
EP2413305A1 (en) 2012-02-01

Similar Documents

Publication Publication Date Title
US5623548A (en) Transformation pattern generating device and encryption function device
JP5242560B2 (en) ENCRYPTION DEVICE, DECRYPTION DEVICE, ENCRYPTION METHOD, AND INTEGRATED CIRCUIT
CA2134410C (en) Symmetric cryptographic system for data encryption
US8290148B2 (en) Encryption processing apparatus, encryption processing method, and computer program
US8184805B2 (en) Program converter, encrypting device, and encrypting method
KR20020006475A (en) Encryption device, decryption device, expanded key generating device, expanded key generating method and recording medium
CN108141352B (en) Cryptographic apparatus, method, apparatus and computer readable medium, and encoding apparatus, method, apparatus and computer readable medium
CN112291056B (en) Encryption key generator and transmission system
SE1350203A1 (en) Device encryption process and process for unsafe environments
CN102356418B (en) Data processing device and data processing method
KR100456599B1 (en) Cryptographic apparatus with parallel des structure
JP2010166402A (en) Encryption processing apparatus, encryption processing method, and encryption processing program
JP4515716B2 (en) Extended key generation device, encryption device, and encryption system
JP3782210B2 (en) Crypto device
US20180054307A1 (en) Encryption device
EP3618344B1 (en) Code generation device, code generation method and code generation program
JP2008046151A (en) Encryption processing method
US10678709B2 (en) Apparatus and method for memory address encryption
Kumar et al. ADVANCED SECURITY USING ENCRYPTION, COMPRESSION AND STEGANOGRAPHY TECHNIQUES
Chandu et al. Implementation of AES Algorithm using Dynamic S-box on FPGA
CN113505400A (en) AES encryption circuit design method
CN111711519A (en) Data processing method, device and equipment based on dynamic white box
KR20010105775A (en) A data encryption standard system equipped parallel feistel structure
Kumar et al. Cryptompress: A Symmetric Cryptography algorithm to deny Bruteforce Attack
UA119589C2 (en) METHOD OF CRYPTOGRAPHIC TRANSFORMATION OF BINARY DATA (OPTIONS)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant